[Opinion] Will Machine Learning in Cyber Security open a Pandora’s Box?

Machine learning is the buzzword nowadays. A huge number of machine learning courses have mushroomed online, and companies are chasing professionals who are experts in it. Udacity, which has developed a course on machine learning in collaboration with Google, describes it this way: “Machine learning represents a key evolution in the fields of computer science, data analysis, software engineering, and artificial intelligence.”

Wiki, however, explains it better, without just throwing jargon around. It says that machine learning gives “computers the ability to learn without being explicitly programmed.” Much more understandable! In simpler terms, computers learn processes and develop a capacity for deduction rather than just performing what they are programmed to do.

When such machines are made to learn to defend our networks and organizations from an information security point of view, good and bad things will happen. Read on...

An article published in TechCrunch, “The darker side of machine learning”, gives us a glimpse of how a facial recognition app used in Russia can identify who has a profile on VK.com, the social media platform known as the “Russian Facebook”. Your privacy goes for a toss with applications such as FindFace, and no extra points for guessing that it is a simple application of machine learning.

The Threat Detection Business

The cyber security business is worth billions of dollars, and it is no surprise that cyber security startups are able to raise millions of dollars more quickly than others. According to an article published in Computerworld UK, machine learning and AI are being explored to their full potential. The article, titled “Machine learning in cyber security: what is it and what do you need to know?”, gives an interesting picture of how security vendors across the world are jumping on the bandwagon and, in order to outdo each other, are trying to come out with products based on machine learning.

“Many Eyes” is what the CSO at Vectra Networks calls it. He says, “You can use machines to observe the network continuously in real time, and correlate that across hundreds of millions, to trillions, of events on a daily basis.

“A traditional approach from a security practitioner perspective is to take logs, drop them into some central database, and then, offline, mine that data for events that we have a feeling might be there,” he says. “What machine learning offers is that all of the work can be done in real time, live in a network wire and without that human oversight.”

The article also shares the thoughts of Andrew Gardner, senior director of machine learning at Symantec, who explains that where machine learning will really help is in scale and automation. Think of the difference, he says, between two humans playing chess and two computers playing chess. And the computers can play each other at very high speeds.

"One thing that's useful for is it allows us to do predictive testing,” he says. "We can, in a sandbox, use AI machine learning in the same way that an attacker might do, to predict and explore possible exploits on a scale that humans just can't achieve.”

The Fear of the Unknown

Human beings always fear what they do not understand or know. We have gone to great lengths to understand and decipher every large or small thing in this world and others.

The vendors are trying to paint a rosy picture, and they are adamant that machine learning will be the panacea for all problems. “Machines will be able to identify the unknown attacks and will be able to protect you from the unknown”.

The Computerworld UK article further highlights a point made by Vectra's Gunter Ollmann, who warns that professional attackers are studying machine learning very closely – and many of them are already data scientists.

"This is no different from 10 years ago when behavioral learning systems came out that the bad guys invested their own time, and they found ways to detect and bypass the sandboxing technologies,” he says. "I expect we'll see that same level of thought and actions going into machine learning and artificial intelligence.”

Companies today want a one-stop solution that is ready to defend them from the unknown. Why does everyone forget that professional attackers use those same tools and mechanisms to create more sinister attacks? Are we ready for it?

The world is already grappling with new attacks every day. Are we truly ready for something which the vendors or machine learning enthusiasts tell us is going to solve all our problems rather than creating more difficult ones?

WannaCry made a lot of people cry… the hospitals in the UK were the most affected. We, the governments, the cyber security professionals, CERTs etc., were not able to do much about it other than giving sermons about how your systems should be patched all the time, how you should use the latest products and enable antivirus protection, and so on…

We were not able to defend ourselves against these known attacks… are we really ready to defend ourselves against the unknown?

Is Machine Learning the solution?

YES and NO. Why Yes? Because ultimately we will have to use it, as the data points generated will be too huge to handle in the coming years. We will have such complex mechanisms in place that we will need machines to come to our rescue.

Why Not? As 451's Adrian Sanabria says, “We know from experience that attacks will simulate what info sec vendors are doing. Machine learning models depend on a degree of likeness, so if attackers find a way to produce malware that looks significantly different from what models expect, machine learning-based detection methods could become ineffective overnight.”

Rather than just jumping on the new buzzword and falling for slick marketing, it is important for us to push the software vendors to integrate security from the design phase and not patch it later on. We need professionals who can defend against the known attacks and software developers who design and integrate security into every aspect of the software.

Multiple layers of protection, or onion security, are the best bet today.

It is important that we understand and give time for machine learning to mature and then allow it to defend our networks…

What do you think about it?


Comments

Nice post. Thanks for sharing this post. Machine Learning is steadily moving away from abstractions and engaging more in business problem solving with support from AI and Deep Learning. With Big Data making its way back to mainstream business activities, to know more information visit: Pridesys IT Ltd

Awesome post. Thanks for sharing this post with us. to form a pc checkers application that was one amongst the primary programs that would learn from its own mistakes and improve its performance over time. Machine learning course one step any - it changes its program's behavior supported what it learns.

Great Information. Thank You Author, for sharing your valuable information about Machine Learning with us. People who are reading this blog can continue your knowledge which you gained with us and know how to apply this practically along with our Machine Learning Course


Disclaimer:

The views and opinions expressed herein are my own. They are NOT intended to represent the views or opinions of my employer or any other organization. Any information represented as fact is believed by me to be true, but I make no legal claim as to its certainty.